Articles of interest from the week of April 10, 2023

Europol Details ChatGPT’s Potential for Criminal Abuse

With the increased public interest in ChatGPT, the Europol Innovation Lab took the matter seriously and conducted a series of workshops involving subject matter experts from various departments of Europol. These workshops aimed to investigate potential ways in which large language models (LLMs) like ChatGPT can be exploited by criminals and how they can be utilized to aid investigators in their day-to-day tasks. (Help Net Security)

“ChatGPT represents a new wave of powerful tools and capabilities that will just as surely be used by criminals as it will be used by those seeking to do good. It’s up to the folks providing access to these tools, as well as cybersecurity providers, to provide countermeasures and safeguards to manage the risk that these tools will be misused.” – Jason Ingalls, Founder & CEO at Ingalls Information Security

Microsoft Patches 97 CVEs, Including Zero-Day & Wormable Bugs

Microsoft's Patch Tuesday security update for April 2023 contains patches for 97 CVEs, including one zero-day bug under active exploit in ransomware attacks, another that's a reissue of a fix for a flaw from 2013 that a threat actor recently exploited in a supply chain attack on 3CX, and a wormable bug rated critical in severity.

Microsoft identified a total of seven of the bugs it fixed this month as being of critical severity, which typically means organizations need to make them a top priority from a patch implementation standpoint. (Dark Reading)

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft recently shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability.

Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. (The Hacker News)

Fake Ransomware Gang Targets U.S. Orgs With Empty Data Leak Threats

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.

Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message. (BleepingComputer)

FBI Seizes Bot Shop ‘Genesis Market’ Amid Arrests Targeting Operators, Suppliers

Several domain names tied to Genesis Market, a bustling cybercrime store that sold access to passwords and other data stolen from millions of computers infected with malicious software, were seized by the Federal Bureau of Investigation (FBI) today. The domain seizures coincided with more than a hundred arrests in the United States and abroad targeting those who allegedly operated the service, as well as suppliers who continuously fed Genesis Market with freshly-stolen data. (Krebs on Security)